'Cybersecurity is a team sport, but it could do with a glow up'
Lacework and AWS challenge outdated perceptions of cybersecurity and attract new talent
As cyber threats change and diversify so must the cybersecurity workforce to counter those threats. A recent event held by Lacework and AWS highlighted the breadth of opportunity in cybersecurity and showcased some great role models – and CISO Barbie.
The perception that cybersecurity is an unwelcoming environment for women is widely held, damaging, and only partly true. Yes, women still constitute an unrepresentative minority of the cybersecurity workforce, but many women cybersecurity engineers and architects go to great lengths to recruit more women into the field by taking every opportunity to explain what a fascinating and varied career cyber can offer. So it was last week at an event held by AWS and cloud security platform Lacework offering advice to women on the possibilities of cyber, and advice on how to access the opportunities.
Lacework CMO, Meagen Eisenberg, talked to Computing about the success of the Lacework Secured by Women programme, which launched last year to help break some of the misconceptions putting women off cybersecurity, and to support and nurture the careers of women who have helped to lead the way.
"We asked for nominations of women in a security role, and we selected five and paid for them to go the security conference of their choice - hotel, travel, registration, all of it."
Lacework received around 500 nominations, and hope for more with this years' programme. As Eisenberg says:
"We're always trying to think about how we can bring more women together into the CISO community."
To this end, Lacework created CISO Barbie, as a tool to help challenge perceptions and prompt conversations. Eisenberg admits to being a little uncertain of how popular CISO Barbie would actually be with women working in cyber, but the idea was a hit, and not just in social media channels.
"Men and women told us that they'd brought it home and talked to their daughters and sons to share what they were doing and be proud of it."
CISO Barbie seems at odds with an industry which still presents itself as shadowy, hooded and gives off some distinctly militaristic vibes. This is, of course, entirely the point.
The links to pop culture continued with a presentation from Bronwyn Boyle, CISO, Cyber Adviser & Consultant & NED, who managed to explain why Taylor Swift would make a brilliant CISO in the event that she tires of being an international pop icon. Firstly, Swift is the queen of reinvention, and any CISO will tell you how important that ability is in the face of the continually changing nature of the threat landscape. Swift is also innovative in terms of her use of technology, such as the use of LED wristbands on her ERAS tour and has demonstrated considerable resilience throughout her career, refusing to cede control of her work or be intimidated by attempts to put her back in her box.
The resilience point is an interesting one. Boyle acknowledged the risks of stress and burnout in cybersecurity. It's a great place to earn a living, but we shouldn't try to pretend that it can't be a challenging space. Boyle is part of an initiative called Cybermindz, which helps to provide support for the people who are, as Boyle puts it, "at the pointy end" of trying to keep us safe.
Talyor Swift is also a brilliant storyteller, and as any cybersecurity professional knows, this is critical skill for a CISO.
"The more we can tell our stories as security professionals, and as CISOs, the more likely you will get that buy in, you'll get that shared understanding," Boyle says.
"When you talk to people about security controls it can seem like an overhead or friction, or it's burdensome or doesn't make any sense. When you take the time to explain and talk that through the more you get that emotional connection and better understanding, which can build an advocacy and a championing of what you're trying to achieve."
Boyle finished her presentation by drawing attention to Swift's effectiveness at collaboration and her understanding of the power of community - something anyone working in cybersecurity knows is absolutely crucial.
Speaking to Boyle separately, she emphasised how these seemingly quite small-scale events can prove to be a much more powerful recruiting tool than they seem on the surface because they provide a chance to convey the breadth of skills that cybersecurity needs.
"We have a huge pool of talent that we can tap into if people are up for exploring. Events like this are super important because you get talking to people in the field and see what sort of opportunities are out there.
"If you look at the breadth of the cybersecurity domain, we need everything from behavioural analytics specialists and people who can communicate and engage with the public. We need people in compliance and the legal side of cyber. People fixate on the technical bit but it takes a village. I'm keen to make sure we're as multidimensional as we can be when we talk about the disciplines."
The evening contained further presentations by women at different stages of their careers with AWS and with Lacework but who were keen to share their insights and experiences. The evening concluded with a panel discussion which shared considerable cumulative wisdom with a highly engaged young audience who were keen to learn from some very positive role models, all of whom were keen to convey the message that you don't have to change who you are to enjoy a cybersecurity career and that now is a great time to make the move.
Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.